Commits on Nov 2, 2018
  1. doc: fix headings for CHANGELOG_v10.md

    MylesBorins authored and danbev committed Oct 30, 2018
    The LTS bit flip did not include the new title heading for LTS in the
    changelog. This commit fixes that.
    
    PR-URL: #23973
    Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
    Reviewed-By: James M Snell <jasnell@gmail.com>
    Reviewed-By: Richard Lau <riclau@uk.ibm.com>
    Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
    Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Commits on Oct 30, 2018
  1. 2018-10-30 Version 10.13.0 'Dubnium' (LTS)

    MylesBorins committed Oct 23, 2018
    This release marks the transition of Node.js 10.x into Long Term
    Support (LTS) with the codename 'Dubnium'. The 10.x release line
    now moves in to "Active LTS" and will remain so until April 2020.
    After that time it will move in to "Maintenance" until end of
    life in April 2021.
    
    Notable Changes:
    
    This release only includes minimal changes necessary to fix known
    regressions prior to LTS.
    
    PR-URL: #23831
Commits on Oct 29, 2018
  1. doc: add note about ABI compatibility

    MylesBorins committed Aug 10, 2018
    Building node against versions of the dependencies that differ from the
    ones we vendor will result in a non ABI compatible version of Node.js
    
    This patch adds a note to make it explicit that if individuals build
    node against different versions of a dependency they should make a
    custom NODE_MODULE_VERSION.
    
    PR-URL: #22237
    Reviewed-By: Vse Mozhet Byt <vsemozhetbyt@gmail.com>
    Reviewed-By: Jon Moss <me@jonathanmoss.me>
    Reviewed-By: Benjamin Gruenbaum <benjamingr@gmail.com>
    Reviewed-By: James M Snell <jasnell@gmail.com>
    Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Commits on Sep 11, 2018
  1. 2018-09-11, Version 8.12.0 'Carbon' (LTS)

    MylesBorins committed Jun 29, 2018
    Notable Changes:
    
    * async_hooks:
      - rename PromiseWrap.parentId (Ali Ijaz Sheikh)
        #18633
      - remove runtime deprecation (Ali Ijaz Sheikh)
        #19517
      - deprecate unsafe emit{Before,After} (Ali Ijaz Sheikh)
        #18513
    * cluster:
      - add cwd to cluster.settings (cjihrig)
        #18399
      - support windowsHide option for workers (Todd Wong)
        #17412
    * crypto:
      - allow passing null as IV unless required (Tobias Nießen)
        #18644
    * deps:
      - upgrade npm to 6.2.0 (Kat Marchán)
        #21592
      - upgrade libuv to 1.19.2 (cjihrig)
        #18918
      - Upgrade node-inspect to 1.11.5 (Jan Krems)
        #21055
    * fs,net:
      - support as and as+ flags in stringToFlags() (Sarat Addepalli)
        #18801
      - emit 'ready' for fs streams and sockets (Sameer Srivastava)
        #19408
    * http, http2:
      - add options to http.createServer() (Peter Marton)
        #15752
      - add 103 Early Hints status code (Yosuke Furukawa)
        #16644
      - add http fallback options to .createServer (Peter Marton)
        #15752
    * n-api:
      - take n-api out of experimental (Michael Dawson)
        #19262
    * perf_hooks:
      - add warning when too many entries in the timeline (James M Snell)
        #18087
    * src:
      - add public API for managing NodePlatform (Cheng Zhao)
        #16981
      - allow --perf-(basic-)?prof in NODE\_OPTIONS (Leko)
        #17600
      - node internals' postmortem metadata (Matheus Marchini)
        #14901
    * tls:
      - expose Finished messages in TLSSocket (Anton Salikhmetov)
        #19102
    * **trace_events**:
      - add file pattern cli option (Andreas Madsen)
        #18480
    * util:
      - implement util.getSystemErrorName() (Joyee Cheung)
        #18186
    
    PR-URL: #21593
Commits on Jul 13, 2018
  1. deps: patch V8 to 6.7.288.49

    MylesBorins committed Jul 9, 2018
    PR-URL: #21727
    Refs: v8/v8@6.7.288.46...6.7.288.49
    Reviewed-By: Anna Henningsen <anna@addaleax.net>
    Reviewed-By: James M Snell <jasnell@gmail.com>
    Reviewed-By: Сковорода Никита Андреевич <chalkerx@gmail.com>
    Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
  2. doc: add policy for landing new npm releases

    MylesBorins committed Jun 29, 2018
    This change in policy sets clear terms for when / how npm releases
    can be landed into master and how long they are expected to bake in the
    ecosystem. This is to cover all release types of npm including semver-major
    releases.
    
    What Node.js releases the updates land into are at the discretion of the
    release team.
    
    PR-URL: #21594
    Reviewed-By: Anna Henningsen <anna@addaleax.net>
    Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
    Reviewed-By: James M Snell <jasnell@gmail.com>
    Reviewed-By: Franziska Hinkelmann <franziska.hinkelmann@gmail.com>
    Reviewed-By: Tiancheng "Timothy" Gu <timothygu99@gmail.com>
Commits on Jun 25, 2018
  1. deps: float fix on node-gyp in npm tree

    MylesBorins committed May 10, 2018
    This is a fix for filenames that have spaces which currently breaks
    node-gyp. npm has not yet updated the dependency to the latest version
    in the mean time we should land this as a patch
    
    PR-URL: #21448
    Refs: nodejs/node-gyp#1436
    Reviewed-By: James M Snell <jasnell@gmail.com>
    Reviewed-By: Minwoo Jung <minwoo@nodesource.com>
Commits on Jun 13, 2018
  1. doc: move Italo A. Casas to Release Emeritus

    MylesBorins committed Jun 13, 2018
    Have confirmed 1:1 that they are ok with this.
    
    PR-URL: #21315
    Reviewed-By: Richard Lau <riclau@uk.ibm.com>
    Reviewed-By: Michaël Zasso <targos@protonmail.com>
    Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
    Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
    Reviewed-By: Tiancheng "Timothy" Gu <timothygu99@gmail.com>
    Reviewed-By: Italo A. Casas <me@italoacasas.com>
    Reviewed-By: Jon Moss <me@jonathanmoss.me>
  2. deps: patch V8 to 6.7.288.46

    MylesBorins committed Jun 11, 2018
    PR-URL: #21260
    Refs: v8/v8@6.7.288.45...6.7.288.46
    Reviewed-By: Michaël Zasso <targos@protonmail.com>
    Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
    Reviewed-By: Minwoo Jung <minwoo@nodesource.com>
    Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
    Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com>
    Reviewed-By: Tiancheng "Timothy" Gu <timothygu99@gmail.com>
Commits on Jun 6, 2018
  1. 2018-06-06, Version 10.4.0 (Current)

    MylesBorins committed Jun 6, 2018
    Notable Changes:
    
    * **deps**:
     - update V8 to 6.7.288.43 (Michaël Zasso)
       #19989
    * **stream**:
      - ensure Stream.pipeline re-throws errors without callback (Blaine Bublitz)
        #20437
    
    PR-URL: #21167
  2. tools: ensure doc-only doesn't update package-lock

    MylesBorins committed May 29, 2018
    Currently `make doc-only` is updating the package-lock.json
    which is breaking our release build.
    
    This adds the flags `--no-package-lock` when
    running `npm install` to ensure the package-lock.json is not
    changed unintentionally by running make
    
    PR-URL: #21015
    Reviewed-By: Gus Caplan <me@gus.host>
    Reviewed-By: Refael Ackermann <refack@gmail.com>
    Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
    Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
    Reviewed-By: James M Snell <jasnell@gmail.com>
    Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
Commits on May 30, 2018
  1. doc: add missing link for 10.3.0 changelog

    MylesBorins committed May 29, 2018
    PR-URL: #21017
    Reviewed-By: Joyee Cheung <joyeec9h3@gmail.com>
    Reviewed-By: Matheus Marchini <matheus@sthima.com>
    Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
    Reviewed-By: Jon Moss <me@jonathanmoss.me>
    Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
    Reviewed-By: James M Snell <jasnell@gmail.com>
    Reviewed-By: Trivikram Kamat <trivikr.dev@gmail.com>
    Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Commits on May 29, 2018
  1. 2018-05-29, Version 10.3.0 (Current)

    MylesBorins committed May 29, 2018
    Notable Changes:
    
    * **deps**:
      - upgrade npm to 6.1.0 (Rebecca Turner)
        #20190
    * **fs**:
      - fix reads with pos \> 4GB (Mathias Buus)
        #21003
    * **net**:
      - new option to allow IPC servers to be readable and writable
        by all users (Bartosz Sosnowski)
        #19472
    * **stream**:
      - fix removeAllListeners() for Stream.Readable to work as expected
        when no arguments are passed (Kael Zhang)
        #20924
    * **Added new collaborators**
      - John-David Dalton (https://github.com/jdalton)
    
    PR-URL: #21011
Commits on May 24, 2018
  1. 2018-05-24, Version 10.2.1 (Current)

    MylesBorins committed May 24, 2018
    This is a follow up release to fix two regressions that were introduced
    in v10.2.0.
    
    PR-URL: #20943
Commits on May 18, 2018
  1. deps: patch V8 to 6.6.346.32

    MylesBorins authored and BridgeAR committed May 15, 2018
    PR-URL: #20748
    Refs: v8/v8@6.6.346.31...6.6.346.32
    Reviewed-By: Michaël Zasso <targos@protonmail.com>
    Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
    Reviewed-By: James M Snell <jasnell@gmail.com>
    Reviewed-By: Gus Caplan <me@gus.host>
Commits on May 15, 2018
  1. 2018-05-15, Version 8.11.2 'Carbon' (LTS)

    MylesBorins committed May 2, 2018
    Notable Changes:
    
    deps:
      - update node-inspect to 1.11.3 (Jan Krems)
        #18354
      - update nghttp2 to 1.29.0 (James M Snell)
        #17908
    http2:
      - Sync with current release stream
    n-api:
      - Sync with current release stream
    
    PR-URL: #20478
  2. deps: patch V8 to 6.6.346.31

    MylesBorins committed May 8, 2018
    PR-URL: #20603
    Refs: v8/v8@6.6.346.27...6.6.346.31
    Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
    Reviewed-By: Michaël Zasso <targos@protonmail.com>
Commits on May 9, 2018
  1. 2018-05-08, Version 10.1.0 (Current)

    MylesBorins committed May 8, 2018
    Notable Changes:
    
    * console:
      - make console.table() use colored inspect (TSUYUSATO Kitsune)
        #20510
    * fs:
      - move fs/promises to fs.promises (cjihrig)
        #20504
    * http:
      - added aborted property to request (Robert Nagy)
        #20094
    * n-api:
      - initialize a module via a special symbol (Gabriel Schulhof)
        #20161
    * src:
      - add public API to expose the main V8 Platform (Allen Yonghuang Wang)
        #20447
    
    PR-URL: #20606
Commits on May 4, 2018
  1. deps: patch V8 to 6.6.346.27

    MylesBorins committed May 2, 2018
    PR-URL: #20480
    Refs: v8/v8@6.6.346.24...6.6.346.27
    Reviewed-By: Khaidi Chu <i@2333.moe>
    Reviewed-By: Michaël Zasso <targos@protonmail.com>
Commits on Apr 30, 2018
  1. 2018-04-30, Version 6.14.2 'Boron' (LTS)

    MylesBorins committed Apr 13, 2018
    Notable Change:
    
    * n-api:
      - n-api has been backported to v6.x. It is being landed as an experimental interface,
        and as such is landing in a Semver-Patch release. (Gabriel Schulhof)
        #19447
    
    PR-URL: #19996
Commits on Apr 17, 2018
  1. deps: bump V8 embedder string

    MylesBorins committed Apr 17, 2018
    This was missed in a previous PR
    
    PR-URL: #20105
    Refs: #20016
    Reviewed-By: Michaël Zasso <targos@protonmail.com>
    Reviewed-By: Gus Caplan <me@gus.host>
    Reviewed-By: James M Snell <jasnell@gmail.com>
    Reviewed-By: Richard Lau <riclau@uk.ibm.com>
    Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Commits on Apr 16, 2018
  1. deps: patch V8 to 6.6.346.24

    MylesBorins committed Apr 13, 2018
    PR-URL: #19995
    Refs: v8/v8@6.6.346.23...6.6.346.24
    Reviewed-By: Michaël Zasso <targos@protonmail.com>
    Reviewed-By: Yang Guo <yangguo@chromium.org>
    Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Commits on Apr 11, 2018
  1. src: update NODE_MODULE_VERSION to 63

    MylesBorins committed Apr 11, 2018
    Major V8 updates are usually API/ABI incompatible with previous
    versions. This commit adapts NODE_MODULE_VERSION for V8 6.6.
    
    Refs: https://github.com/nodejs/CTC/blob/master/meetings/2016-09-28.md
    
    PR-URL: #19201
    Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com>
    Reviewed-By: Myles Borins <myles.borins@gmail.com>
    Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
    Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
  2. build: reset embedder string to "-node.0"

    MylesBorins committed Apr 11, 2018
    PR-URL: #19201
    Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com>
    Reviewed-By: Myles Borins <myles.borins@gmail.com>
    Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
    Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
  3. deps: update V8 to 6.6.346.23

    MylesBorins committed Apr 11, 2018
    PR-URL: #19201
    Reviewed-By: Ali Ijaz Sheikh <ofrobots@google.com>
    Reviewed-By: Myles Borins <myles.borins@gmail.com>
    Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
    Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Commits on Apr 5, 2018
  1. deps: manually add 10.x support to npm

    MylesBorins committed Dec 20, 2017
    Currently npm explicitly doesn't support 10.x and will fail on master.
    This patch manually adds support for 10.x so that we can keep an up to
    date version of npm on master.
    
    refs: #17535
    Backport-PR-URL: #19560
    PR-URL: #17777
    Reviewed-By: Michaël Zasso <targos@protonmail.com>
    Reviewed-By: James M Snell <jasnell@gmail.com>
    Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
    Reviewed-By: Anna Henningsen <anna@addaleax.net>
    Reviewed-By: Gibson Fahnestock <gibfahn@gmail.com>
  2. 2018-04-05, Version 9.11.1 (Current)

    MylesBorins committed Apr 5, 2018
    Notable changes:
    
    An infrastructure issue caused a non-functioning msi installer for x64 to be promoted.
    The patch release is to ensure that all binaries and installers work as expected.
Commits on Mar 30, 2018
  1. 2018-03-29, Version 9.10.1 (Current)

    MylesBorins committed Mar 29, 2018
    Notable changes:
    
    No additional commits.
    
    Due to incorrect staging of the upgrade to the GCC 4.9.X compiler, the
    latest releases for PPC little endian were built using GCC 4.9.X
    instead of GCC 4.8.X. This caused an ABI breakage on PPCLE based
    environments. This has been fixed in our infrastructure and we are
    doing this release to ensure that the hosted binaries are adhering to
    our platform support contract.
    
    Note that Node.js versions 10.X and later will be built with version
    4.9.X or later of the GCC compiler, and it is possible that Node.js
    version 9.X may be built on the 4.9.X compiler at a later time as the
    stated minimum compiler requirement for Node.js version 9.X is 4.9.4.
    
    Refs: https://github.com/nodejs/node/blob/v9.x/BUILDING.md
    PR-URL: #19678
  2. 2018-03-29, Version 8.11.1 'Carbon' (LTS)

    MylesBorins committed Mar 29, 2018
    Notable changes:
    
    No additional commits.
    
    Due to incorrect staging of the upgrade to the GCC 4.9.X compiler, the
    latest releases for PPC little endian were built using GCC 4.9.X
    instead of GCC 4.8.X. This caused an ABI breakage on PPCLE based
    environments. This has been fixed in our infrastructure and we are
    doing this release to ensure that the hosted binaries are adhering to
    our platform support contract.
    
    Note that Node.js versions 10.X and later will be built with version
    4.9.X or later of the GCC compiler, and it is possible that Node.js
    version 8.X may be built on the 4.9.X compiler at a later time as the
    stated minimum compiler requirement for Node.js version 8.X is 4.9.4.
    
    Refs: https://github.com/nodejs/node/blob/v8.x/BUILDING.md
    PR-URL: #19679
  3. 2018-03-29, Version 6.14.1 'Boron' (LTS)

    MylesBorins committed Mar 29, 2018
    Notable changes:
    
    No additional commits.
    
    Due to incorrect staging of the upgrade to the GCC 4.9.X compiler, the
    latest releases for PPC little endian were built using GCC 4.9.X
    instead of GCC 4.8.X. This caused an ABI breakage on PPCLE based
    environments. This has been fixed in our infrastructure and we are
    doing this release to ensure that the hosted binaries are adhering to
    our platform support contract.
    
    PR-URL: #19680
  4. 2018-03-29, Version 4.9.1 'Argon' (Maintenance)

    MylesBorins committed Mar 29, 2018
    Notable changes:
    
    No additional commits.
    
    Due to incorrect staging of the upgrade to the GCC 4.9.X compiler, the
    latest releases for PPC little endian were built using GCC 4.9.X
    instead of GCC 4.8.X. This caused an ABI breakage on PPCLE based
    environments. This has been fixed in our infrastructure and we are
    doing this release to ensure that the hosted binaries are adhering to
    our platform support contract.
    
    PR-URL: #19681
Commits on Mar 28, 2018
  1. 2018-03-28, Version 8.11.0 'Carbon' (LTS)

    MylesBorins committed Mar 28, 2018
    This is a security release. All Node.js users should consult the
    security release summary at:
    
    https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/
    
    for details on patched vulnerabilities.
    
    Fixes for the following CVEs are included in this release:
    
    * CVE-2018-7158
    * CVE-2018-7159
    * CVE-2018-7160
    
    Notable changes:
    
    * Upgrade to OpenSSL 1.0.2o: Does not contain any security fixes that
      are known to impact Node.js.
    * **Fix for inspector DNS rebinding vulnerability (CVE-2018-7160)**:
      A malicious website could use a DNS rebinding attack to trick a web
      browser to bypass same-origin-policy checks and allow HTTP
      connections to localhost or to hosts on the local network,
      potentially to an open inspector port as a debugger, therefore
      gaining full code execution access. The inspector now only allows
      connections that have a browser `Host` value of `localhost` or
      `localhost6`.
    * **Fix for `'path'` module regular expression denial of service
      (CVE-2018-7158)**: A regular expression used for parsing POSIX and
      Windows paths could be used to cause a denial of service if an
      attacker were able to have a specially crafted path string passed
      through one of the impacted `'path'` module functions.
    * **Reject spaces in HTTP `Content-Length` header values
      (CVE-2018-7159)**: The Node.js HTTP parser allowed for spaces inside
      `Content-Length` header values. Such values now lead to rejected
      connections in the same way as non-numeric values.
    * **Update root certificates**: 5 additional root certificates have
      been added to the Node.js binary and 30 have been removed.
    
    PR-URL: nodejs-private/node-private#112
  2. 2018-03-28, Version 6.14.0 'Boron' (LTS)

    MylesBorins committed Mar 28, 2018
    This is a security release. All Node.js users should consult the
    security release summary at:
    
    https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/
    
    for details on patched vulnerabilities.
    
    Fixes for the following CVEs are included in this release:
    
    * CVE-2018-7158
    * CVE-2018-7159
    * CVE-2018-7160
    
    Notable changes:
    
    * Upgrade to OpenSSL 1.0.2o: Does not contain any security fixes that
      are known to impact Node.js.
    * **Fix for inspector DNS rebinding vulnerability (CVE-2018-7160)**:
      A malicious website could use a DNS rebinding attack to trick a web
      browser to bypass same-origin-policy checks and allow HTTP
      connections to localhost or to hosts on the local network,
      potentially to an open inspector port as a debugger, therefore
      gaining full code execution access. The inspector now only allows
      connections that have a browser `Host` value of `localhost` or
      `localhost6`.
    * **Fix for `'path'` module regular expression denial of service
      (CVE-2018-7158)**: A regular expression used for parsing POSIX and
      Windows paths could be used to cause a denial of service if an
      attacker were able to have a specially crafted path string passed
      through one of the impacted `'path'` module functions.
    * **Reject spaces in HTTP `Content-Length` header values
      (CVE-2018-7159)**: The Node.js HTTP parser allowed for spaces inside
      `Content-Length` header values. Such values now lead to rejected
      connections in the same way as non-numeric values.
    * **Update root certificates**: 5 additional root certificates have
      been added to the Node.js binary and 30 have been removed.
    
    PR-URL: nodejs-private/node-private#113
  3. 2018-03-28, Version 4.9.0 'Argon' (Maintenance)

    MylesBorins committed Mar 28, 2018
    This is a security release. All Node.js users should consult the
    security release summary at:
    
    https://nodejs.org/en/blog/vulnerability/march-2018-security-releases/
    
    for details on patched vulnerabilities.
    
    Fixes for the following CVEs are included in this release:
    
    * CVE-2018-7158
    * CVE-2018-7159
    
    Notable Changes:
    
    * Upgrade to OpenSSL 1.0.2o: Does not contain any security fixes that
      are known to impact Node.js.
    * **Fix for `'path'` module regular expression denial of service
      (CVE-2018-7158)**: A regular expression used for parsing POSIX and
      Windows paths could be used to cause a denial of service if an
      attacker were able to have a specially crafted path string passed
      through one of the impacted `'path'` module functions.
    * **Reject spaces in HTTP `Content-Length` header values
      (CVE-2018-7159)**: The Node.js HTTP parser allowed for spaces inside
      `Content-Length` header values. Such values now lead to rejected
      connections in the same way as non-numeric values.
    * **Update root certificates**: 5 additional root certificates have
      been added to the Node.js binary and 30 have been removed.
    
    PR-URL: nodejs-private/node-private#110
Commits on Mar 27, 2018
  1. deps: patch V8 to 6.5.254.43

    MylesBorins committed Mar 26, 2018
    PR-URL: #19615
    Refs: v8/v8@6.5.254.41...6.5.254.43
    Reviewed-By: Michaël Zasso <targos@protonmail.com>
    Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
    Reviewed-By: Shingo Inoue <leko.noor@gmail.com>